This copy is for your personal non-commercial use only. To order presentation-ready copies of Toronto Star content for distribution to colleagues, clients or customers, or inquire about permissions/licensing, please go to: www.TorontoStarReprints.com

Peterborough lawsuit to set precedent for Ontario patient privacy rights

The class action suit against Peterborough Regional Health Centre will determine whether a patient can sue a hospital for invasion of privacy.
A similar lawsuit launched on behalf of Rouge Valley Health System, after two rogue staffers allegedly sold patient information to private companies, is on hold until a Court of Appeal ruling on whether the Peterborough case can go ahead.
(TORONTO STAR FILE PHOTO)

Patients looking for answers after a string of privacy breaches at GTA hospitals must wait on a lawsuit in Peterborough that could have sweeping implications for all Ontario hospitals.

The class action suit against Peterborough Regional Health Centre will determine whether a patient can sue a hospital for invasion of privacy.

A similar lawsuit launched on behalf of 14,450 patients of Rouge Valley Health System, after two rogue staffers allegedly sold patient information to private companies, is on hold until a Court of Appeal ruling on whether the Peterborough case can go ahead.

Peterborough Regional Health Centre is fighting to have the case thrown out.

Erkenraadje Wensvoort is the lawsuit’s lead plaintiff, one of 280 patients whose medical records were wrongfully accessed between 2011 and 2012.

Article Continued Below

In June 2011, after 51 years of marriage, Wensvoort alleges she left an abusive relationship and went into hiding with an unlisted phone number and address, according to the plaintiffs’ amended statement of claim, which has not been proven in court.

When she was admitted to Peterborough Regional Health Centre a month later, her identity was supposed to be kept secret from everyone except the staff treating her.

According to the claim, she was left paranoid and anxious when the hospital revealed years later that her medical records had been improperly accessed, and she worried that her husband had paid off a hospital employee in an attempt to find her.

The crux of the Peterborough case, known as Hopkins v. Kay, is whether patients whose privacy has been breached can sue the hospital directly.

The hospital admitted the medical records were improperly accessed, apologized to the affected patients and fired the seven employees allegedly responsible.

In its amended notice of appeal, the hospital argues the Superior Court has no jurisdiction to hear the lawsuit because under the province’s Personal Health Information Protection Act (PHIPA), personal health information privacy violations are solely the domain of the Ontario privacy commissioner.

Michael Crystal, one of the patients’ lawyers, disagrees.

He argued against the hospital’s original motion that nothing in PHIPA prevents patients from pursuing their own common-law action.

The dispute is arising now because in Ontario, the ability to sue someone for breach of privacy has only been established since 2012.

In the landmark case of Jones v. Tsige, an employee at the Bank of Montreal sued a co-worker — her ex-husband’s new wife — for invading her privacy by repeatedly examining her personal bank account information.

Though the banking details were not distributed, the Court of Appeal ruled the plaintiff’s privacy had been breached and awarded $10,000 in damages.

The question in Hopkins v. Kay is whether that precedent — which created the new common law tort of “intrusion upon seclusion” — applies even though PHIPA provides an existing remedy to privacy breaches.

“I think that’s why everybody is watching this so closely. If this case turns out like Jones, then it opens the door for claimants to bring privacy breach claims,” said Elyse Sunshine, a Toronto lawyer specializing in health law.

One of the key differences between the two approaches is how damages are defined.

PHIPA requires evidence of “actual harm” and limits damages to $10,000 for mental anguish. It does not allow for punitive or aggravated damages.

Under common law, the plaintiffs likely would not have to prove any tangible or economic harm, Sunshine said.

“The damage arises from the conduct, just the mere access. You don’t have to have additional harm,” Crystal said.

Privacy lawyer Michael Power said the case illustrates the messy process of the law trying to set new societal rules in response to technological change.

“When you sue somebody, you’re looking for justice. And that involves not only compensating the individual for the harms they’ve suffered, but also sending a message to society that this kind of conduct ... is not acceptable,” Power said.

For its part, the privacy watchdog says it will tell the court it does not have exclusive jurisdiction over matters of patient privacy.

“(PHIPA) does not prevent the courts from hearing cases related to the improper handling of personal health information,” said Brian Beamish, the acting information and privacy commissioner, in an emailed statement.

Patrick Hawkins, one of the lawyers for Peterborough Regional Health Centre and the defendants, declined to comment.

The case is scheduled to appear before the Court of Appeal on Dec. 15.

More from the Toronto Star & Partners

LOADING

Copyright owned or licensed by Toronto Star Newspapers Limited. All rights reserved. Republication or distribution of this content is expressly prohibited without the prior written consent of Toronto Star Newspapers Limited and/or its licensors. To order copies of Toronto Star articles, please go to: www.TorontoStarReprints.com